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17 JAN 1978 


MEMORANDUM FOR: Director of Security 


Security (PTOS) 


SUBJECT: Office of Security Policy Definition 
Concerning Security Violations and Their 
Reporting by CIA Domestic Industrial 
Contractor Facilities 


1. Action Requested: It is requested that you sign 
Attachment One and Attachment Two forwarded with this 
memorandum, and that you forward Attachment One to the 
Director of Logistics and Attachment Two to the Director, 
NRO, togethar with exemplars of the Security Violation 
Report Form. 


Ze Background: The DCI, when commenting on the 
Security Review Task Force Report of the Moore and Boyce/Lee 


Cases, expressed concern that not a31 security violations 

were being reported to ters as required in Section I, 
Paragraph 6a(3) of the ndustrial Security Manual. 
Agency regulations cur ntain no definition of a 
security violation. Attachments One and Two contain a 
definition of what constitutes a reportable security violation. 
Also included is a reporting form which would be used by 
Agency contractors to report such violations to Headquarters 
in a noncompartmented format. 


3. Staff Position: This new definition of a reportable 
security violation represents the coordinated position of 

this Office, of the Security Staffs of the Office of Develop- 
ment and Engineering, the Office of Communications, the Office 
of Logistics, and of the NRO, as well as of the Speciai 
Security Center. The Security Violation Report Form was 
designed by the Office of Development and Engineering and 
meets with the approval of the other Offices concerned. The 
Office of Communications has requested a cOpy of the two 
attachments and the Security Violation Report Form. We 
propose to forward them as requested following your signature 
of Attachments One and Twa. . 
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4. Recommendation: It is recommended that you sign 
and forward the attached memoranda to the Director of 
Logistics and to the Director, NRO, along with copies of 
the Security Violation Report Form for further dissemination 


to the Director of Logistics and the appropriate NRO Program 
Offices. — 
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6 FEB 1978 
MEMORANDUM FOR: Director of Logistics 
FROM: Robert W. Gambino 
Director of Security 
SUBJECT: Security Violations Occurring at CIA 


Funded Contractor Facilities -- 
Definition of and Reporting Procedures (U/AIUO) 


1. (S) During security audits conducted at Agency- 
funded and non-Agency-funded contractors as a result of 
the Boyce/Lee Case, it has become apparent that some 
contractors have not been reporting security violations to 
Headquartess. It is recognized that such reports have not 
been required in the past with respect to collateral 
classified contracts, and that it was only in the SCI area 
that reporting of security violations was mandatory. Many 
contractors have adopted the policy of reporting only 
violations which have, in their judgment, resulted in 
compromise or which they felt could potentially result in 
compromise. They have not uniformly reported other matters 
such as open safes or unsecured classified material found 
by guards, preferring to regard them simply as securtty 
"discrepancies" rather than as violations. 


2. {(U/AIUO) The Director of Central Intelligence has 
expressed concern regarding this situation and agrees that 
such @ lack of reporting is unacceptable. The following 
policy will, therefore, apply with regard to all contracts 
under the cognizance of the Central Intelligence Agency: 


(U/AIUO) "SECURITY VIOLATION: Any breach of 
security regulations, requirements, procedures or 
guides by an individual which subjects classified 
or sensitive material or information to compromise 
to unauthorized persons, or which places it in _ 
jeopardy where a compromise.coyld result, constitutes 
a reportable security wiolation. Such a breach 
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includes both acts of omission such as failure 

to properly secure classified or sensitive material, 
and acts of commission such as discussion of 
classified or sensitive information over nonsecure 
telephone circuits. The information and materials 
referred to in this definition comprise Collateral 
classified, SCI classified, and those materials 

and information which are sensitive because they 
involve intelligence sources and methods." 


3. (U/ATUO) It is requested that you disseminate the 
definition as shown above to all of your contractors. 


4, (U/ATUO) Along with the definition, please forward 
a copy of the attached Security Violation Report Form. It 
may be reproduced locally by each contractor as necessary. 
Please inform your contractors that the Security Violation 
Report forms, when filled in, are to be classified SECRET 
if they relate to SCI contracts, and CONFIDENTIAL if they 
relate to Collateral-type contracts. The contractor is to 
submit these forms in duplicate to the Cognizant Headquarters 
Security Officer (CHSO}). The CHSO will maintain one copy 
in Office of Logistics files as a record of security violations 
pertaining to that particular contract for review during contract 
award fee negotiations. The CHSO will send the second copy to 
the Office of Security for inclusion in the individual's 
security file. Full Program names should not be used in reporting 
SCI violations on this Security Violation Raport Form because 
the forms will ultimately be stored in a noncompartmented area. 
If it is necessary for the contractor to report SCI details 
of a violation, the facts should be separately stated in an 
attachment which will be detached upon receipt at Headquarters 
and maintained under SCI control. 


S. (U/AIUG) It is recognized that the Office of 
Communications has already established procedures under which 
contractors report certain types of COMSEC violations to 
Headquarters. This new procedure is a supplementary requirement. 


25X1A 
6. (U/AIUOQ) Please advise this Office when the actions 
in paragraphs 3 and 4 ha i 
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